Custom geo-ip based blacklist/blocklist

Hi all,

I’d like to build a custom geo-ip based blacklist. I’ve already found that geoip-enrich is required to populate such a geoip-database. However, I am stuck on the custom blacklist part. I can find a way to integrate geoip-enrich within the whitelist, but I would like to do the exact opposite.

Is this at all possible using crowdsec?

Thanks in advance :slight_smile:

What exactly are you trying to achieve with the blocklist?

Assuming you’re using a bouncer that supports it, you can ban all traffic from China for 4h like this: cscli decisions add --scope country --value CN. CrowdSec would not be the most obvious tool for perm blocklisting as it would always block based on behavior. So if you’re looking to write a scenario that issues ban per country you should take a look at this article.

If you have further questions I would advise you to join our Discord server - the community there is much more active. We also have Discord specific events like workshops, talks and AMAs. The invite link is CrowdSec.

Have a great day

Hi @klausagnoletti ! Thanks for your reply :slight_smile:
I have resolved this issue in a different manner, using this guide

1 Like